During the last five to ten years, the legal sector in the UK has shown itself to be welcoming of new technology and the opportunities it brings.
From our own experience as a legal IT services company, we have devised, in collaboration with clients, bespoke security procedures for staff as part of a work from home policy or a remote work policy.
The advantages to allowing staff to work anywhere are clear in an era when employees are increasingly demanding flexible working and clients want you to visit them at their premises.
If your solicitors’ practice or barristers’ chambers currently have no policies in place, your first question to us during the current coronavirus crisis is how to maintain security when employees work remotely. With that in mind, we have written this article covering remote working security risks with the specific intention of sharing as many working from home security tips as possible.
- why colleagues should be vigilant about each email and phone call they receive
- the importance of a firewall for added security
- what a VPN is and how to connect colleagues working from home to one
- the importance of password security and multi-factor authentication
- why you should use secure cloud services for additional protection and for backing up data
- why connecting via an ethernet cable when working from home is more secure than connecting via Wi-Fi
- the protections offered to your company by anti-virus software
- encrypted messaging services
Verify each email or phone call you receive
Most data protection breaches and cyberattacks occur through social engineering – a series of tricks and deceptions designed to short circuit our normal decision-making process leading to our doing something to damage our company and benefit the fraudster.
If you get a phone call or email from Adam from personnel or Lucy from accounts, how well do you know Adam or Lucy? Do you recognise their writing style or from their tone of voice? Are they asking you to do something unusual? Are Adam and Lucy on LinkedIn and do they divulge a lot on their profile which a fraudster could take advantage of?
Without your colleagues around you as you sit in lockdown, you don’t have your colleagues to ask whether something is normal or not. Tell your staff to trust their own instincts – if something does not feel right or it feels unusual, contact a higher authority direct for clarification.
Set up a firewall
Firewalls are a barrier between the internet and the device you’re using which is connected to the internet. Their job is to stop data leaks from your device and to prevent the download of malware. Most devices have a built-in firewall and your staff may have firewalls incorporated into their home internet router.
Whilst, in most cases, these firewalls will do, they need to be switched on. Many believe that switching a firewall on makes the internet slower – it doesn’t. But, even if it did, it’s better to wait half a second more for a file to download than potentially expose the contents of that file to a hacker.
Set up a VPN for your staff
Virtual Private Networks (VPNs) allows you and your members of staff to route your internet tracker through a server of your choice. For consumers, they’re used to protect user identity and prevent the display of location-related advertisements.
Built into VPN services is end-to-end encryption meaning that, in the event that someone manages to intercept a member of staff’s internet traffic, the contents are unreadable and indecipherable.
Most VPNs charge for their services however market-leader ExpressVPN is offering a 30-day money back guarantee on its services. Try to avoid the free services if you can.
Password security and multi-factor authentication
Weak passwords are, perhaps, the main reason why so many companies’ systems are compromised by cybercriminals. Recently, the UK Government was considering a bill to make services providers (ISPs, banks, broadband providers, and so on) refuse suggested user passwords if they were deemed as too easy to guess.
Remembering lots of different passwords for different services is undoubtedly one of modern life’s frustrations and, at some human level, we can understand why people use them. You should consider supplying staff with password management software when working remotely.
You may also wish to consider Multi Factor Authentication for log-ins to your company network for added security.
Use secure cloud services for back-up
Many legal firms now use secure cloud services to both run the apps and programs they need to run their practice or chambers as well as providing a back-up of all company information in case of, for example, a ransomware attack.
By their very nature, the company information and sensitive data you hold will be in almost permanent transit across the internet especially if colleagues are adding to and manipulating the data held. Security, in this sense, means that the information is encrypted at all times when transmitted between the cloud and the device connecting to it.
Wi-Fi or ethernet?
All Wi-Fi can be hacked – even the Wi-Fi in your home or a colleague’s home. Make sure that the password you connect to your Wi-Fi with is very hard to guess.
If possible, you should log onto the internet on any equipment you have via an Ethernet port (that is, a physical connection between your route and your device). This is, of course, very difficult with smartphones and tablets this is difficult meaning that the use of VPNs and secure cloud services is of particular importance on these devices.
Use anti-virus software
Firewalls are successful in stopping nearly every threat to the security of any devices using them however it is possible to get around it. Anti-virus software detects potential issues on any web page you visit or in any email attachment warning you before you proceed that there may be a security issue.
Use encrypted messaging services
Where possible, try to keep as much of your internal communications off the email network. Although there have been improvements in security since the invention of email over 50 years ago, it’s surprising just how easy it is for hackers to intercept and manipulate emails.
You may wish to set up Slack, Monday, or Flock – all encrypted messaging apps available for both desktop, laptop, tablet, and smartphone – to communicate on case work, customer billing, and so on. For more trivial matters, phone-based apps like WhatsApp and Telegram are encrypted and secure.
Finally, keep your staff busy and allow them to connect with each other
And on the subject of apps like WhatsApp and Telegram and not on the subject of data protection, you should consider using technology to allow staff to communicate with each other so that there is still a sense of teamwork and togetherness.
Most legal practices are very busy organisations where staff have many demands placed upon them which need prioritising. As stressful as that busyness might be sometimes, it’s also the special magic that drives collaboration and cooperation between staff and workplace friendships.
Now that the vast majority of your staff (if not all of them) may be stuck at home, idleness and loneliness will take its toll of some of your team. Working for your firm is part of their identity and, against their will, that part of their identity has been compromised by the lockdown.
Keep your people busy – even if it’s writing blogs for the website or calling up existing clients to find out how they’re coping with the current situation.
And perhaps, once a day, allow your team or your departments to communicate via a phone or video conferencing facility so they can still speak to (and see) each other. As much as we have to think about getting through the lockdown, we’ve got to be ready for when things return to normality (whatever that might be on the other side of this).
Take advantage of our assistance – Sprout IT
For companies in the legal sector without either a work from home security policy or a remote working security policy, we strongly recommend that, on the conclusion of the current economic and societal upheaval, you call Sprout IT to help you device and implement one.
While many of the threats we have described in this article may appear difficult for any cyberattacker to pull off, you underestimate their opportunism at your peril. To borrow a cliché, your staff only need to get it wrong once for a breach to occur.
To get in contact with our team about data securing and work from home policies, please call Sprout IT today on 020 7036 8530 or email us.